Upstash wouldn’t be vulnerable - Upstash doesn’t run upstream redis, it’s a protocol-compatible proprietary implementation.